Method, system, and device of cellular traffic monitoring

ABSTRACT

A cellular traffic monitoring system includes: a traffic detection function (TDF) module to monitor cellular traffic associated with a cellular subscriber device, and to generate detection output which includes at least one of: a type of an application associated with the cellular traffic of the cellular subscriber device, and a type of the cellular traffic of the cellular subscriber device. The cellular traffic monitoring system further includes a policy charging and enforcement function (PCEF) module to enforce one or more charging rules to the cellular subscriber device, based on the detection output.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a Continuation of U.S. patent application Ser. No.14/715,601, now U.S. Pat. No. 9,179,008, filed on May 19, 2015; whichwas a Continuation of U.S. patent application Ser. No. 14/499,262, filedon Sep. 29, 2014, now U.S. Pat. No. 9,065,936; which was aContinuation-in-Part (CIP) of U.S. patent application Ser. No.13/313,134, filed on Dec. 7, 2011, now U.S. Pat. No. 8,880,023; whichclaimed priority and benefit from U.S. provisional patent applicationNo. 61/457,014, filed on Dec. 9, 2010; all of which are herebyincorporated by reference in their entirety.

FIELD

The present invention is related to the field of wireless communication.

BACKGROUND

Many users utilize laptop computers and Personal Computers (PCs) inorder to access the Internet, browse websites on the World Wide Web,send and receive electronic mail (email), perform online transactions,and engage in various other online activities. Typically, such laptopcomputer or PC may be connected to the Internet through a wired link orthrough a wireless communication link. For example, a laptop computermay connect to the Internet by utilizing one or more IEEE 802.11wireless communication standards or protocols (“Wi-Fi”), by utilizingone or more IEEE 802.16 wireless communication standards or protocols(“Wi-Max”), or by utilizing other suitable communication standards orprotocols.

In the last few years, smartphones have been introduced and have becomeincreasingly popular. A smartphone is a hybrid mobile device whichcombines functions of a cellular phone with functions of a PersonalDigital Assistant (PDA). Furthermore, some smartphones may include, forexample, a built-in camera able to capture photographs and video clips,a high-resolution color screen able to playback videos, GlobalPositioning System (GPS) navigation capabilities, and/or other advancedfeatures.

SUMMARY

In accordance with the present invention, for example, a cellulartraffic monitoring system which may include a traffic detection function(TDF) module to monitor cellular traffic associated with a cellularsubscriber device, and to generate detection output which includes atleast one of: a type of an application associated with said cellulartraffic of said cellular subscriber device, and a type of said cellulartraffic of said cellular subscriber device. The system may furtherinclude a policy charging and enforcement function (PCEF) module toenforce one or more charging rules to said cellular subscriber device,based on said detection output.

In accordance with the present invention, for example, the system mayfurther include an online charging server (OCS) to receive the detectionoutput from the TDF module and to perform online charging.

In accordance with the present invention, for example, the system mayfurther include an offline charging server (OFCS) to receive thedetection output from the TDF module and to perform offline charging.

In accordance with the present invention, for example, the system mayfurther include a policy and charging rules function (PCRF) module tocreate a set of application detection and control (ADC) rules, and toprovide the ADC rules to be enforced by the PCEF module based on saiddetection output.

In accordance with the present invention, for example, the ADC rules mayinclude one or more traffic routing rules.

In accordance with the present invention, for example, the ADC rules mayinclude one or more traffic steering rules.

In accordance with the present invention, for example, the ADC rules mayinclude one or more traffic offloading rules.

In accordance with the present invention, for example, the ADC rules mayinclude one or more rules indicating that one or more supplementalservices are to be applied to said cellular traffic.

In accordance with the present invention, for example, the one or moresupplemental services may include one or more services selected from thegroup consisting of: parental control service, content filteringservice, anti-virus services, anti-malware service, quality of service(QoS) enforcement service, and bandwidth limiting service.

In accordance with the present invention, for example, the ADC rules mayinclude one or more rules for generating usage monitoring reports.

In accordance with the present invention, for example, the TDF modulemay be in direct communication with at least one of: an online chargingserver (OCS) of said system; an offline charging server (OFCS) of saidsystem; a billing domain of said system.

In accordance with the present invention, for example, the TDF modulemay include a payload data inspector to generate the detection output byutilizing a payload data inspection technique.

In accordance with the present invention, for example, the system mayfurther include a first policy and charging rules function (PCRF)module, located in a first cellular network, to create a set ofapplication detection and control (ADC) rules applicable to the firstcellular network, and to transfer the ADC rules to a second PCRF modulelocated in a second cellular network.

In accordance with the present invention, for example, the second PCRFmodule may enforce, in the second cellular network, the ADC rulesreceived from the first PCRF module and generated in the first cellularnetwork.

In accordance with the present invention, for example, the PCEF modulemay be comprised in a cellular gateway.

In accordance with the present invention, for example, the TDF modulemay perform traffic offloading to an offloading network based on saiddetection output.

In accordance with the present invention, for example, the TDF modulemay steer traffic from a home packet data network (PDN) to a localbreakout.

The present invention may provide other and/or additional benefitsand/or advantages.

BRIEF DESCRIPTION OF THE DRAWINGS

For simplicity and clarity of illustration, elements shown in thefigures have not necessarily been drawn to scale. For example, thedimensions of some of the elements may be exaggerated relative to otherelements for clarity of presentation. Furthermore, reference numeralsmay be repeated among the figures to indicate corresponding or analogouselements. The figures are listed below.

FIGS. 1A-1C are schematic block-diagram illustrations of communicationsystems in accordance with the present invention;

FIG. 2 is a schematic diagram demonstrating a flow in accordance withthe present invention;

FIGS. 3A-3B are schematic block diagram illustrations of communicationsystems demonstrating Selected IP Traffic Offload (SIPTO), in accordancewith the present invention; and

FIGS. 4A-4D are schematic block diagram illustrations of systemsdemonstrating flow of traffic and/or signaling through multiplenetworks, in accordance with the present invention.

DETAILED DESCRIPTION

In the following detailed description, numerous specific details are setforth in order to provide a thorough understanding of some embodiments.However, it will be understood by persons of ordinary skill in the artthat some embodiments may be practiced without these specific details.In other instances, well-known methods, procedures, components, unitsand/or circuits have not been described in detail so as not to obscurethe discussion.

Applicants have realized that users are increasingly utilizingsmartphones in order to access the Internet and to engage in varioustypes of online activities. Applicants have realized that it may bebeneficial for cellular service providers to detect such Internetutilization which is performed via smartphones or other mobile devices,and to perform one or more particular operations in response to suchdetections. Such operations may include for example, traffic steering;generation of usage monitoring reports; charging operations; and/orsupplemental services, e.g., content filtering, anti-virus scanning, orthe like.

Reference is made to FIG. 1A, which is a schematic block-diagramillustration of a communication system 101 in accordance with thepresent invention. System 101 may be part of, or may be associated with,a cellular communication network, for example, a Public Land MobileNetwork (PLMN) 190; and may demonstrate the logical architecture ofPolicy and Charging Control (PCC) in a non-roaming scenario. PLMN 190may include at least one cell site (not shown), which in turn mayinclude at least one cell radio (not shown). PLMN 190 may furtherinclude one or more cellular subscribers (not shown).

System 101 may include, for example, a Policy and Charging RulesFunction (PCRF) 111 which may be in communication with a SubscriberProfile Database (SPDB) 112, an Application Function (AF) 113, a BearerBinding and Event Reporting Function (BBERF) 114, a Traffic DetectionFunction (TDF) 115, and a cellular gateway 116. System 101 may furtherinclude an Online Charging System (OCS) 117, and an Offline ChargingSystem (OFCS) 118. Each one of the components of system 101 may beimplemented by utilizing suitable hardware components and/or softwarecomponents, for example, processors, memory units, storage units,network elements, transmitters, receivers, transceivers, OperatingSystem (OS), applications, or the like.

Policy and Charging Rules Function (PCRF) 111 may aggregate data aboutnetwork traffic, may take into account data from Subscriber ProfileDatabase (SPDB) 112, and may generate traffic-handling rules and/ordecisions related to a particular subscriber. In conjunction with suchrules and/or decisions, Traffic Detection Function (TDF) 115 may detectan application that a particular subscriber may be running, and mayenforce traffic-handling rules or other suitable rules (e.g., charging,supplemental services, or the like), optionally utilizing cellulargateway 116 and/or a Policy and Enforcement Charging Function (PCEF) 119which may be included therein.

The present invention may include, for example, traffic detectionfunctionality used for charging, usage monitoring report, additionalservices, and/or traffic steering; as well as traffic detectionfunctionality with application-based charging considerations. Thepresent invention may be used in conjunction with various types ofmobile networks, cellular networks, or wireless communication networks.Particularly, the present invention may be used in conjunction with acellular network that includes QoS features; a cellular network in whichthe quality of an application, as perceived by a subscriber, depends onthe available bitrate and/or depends on link condition; a cellularnetwork in which TDF 115 is deployed within the cellular network itself;a cellular network in which different rate conditions apply to differentsubscribers, and/or apply to different applications used by subscribers.The present invention may allow coupling of charging reportfunctionality and traffic detection functionality, for example, in orderto charge different subscribers and different applications by usingdifferent rates.

In accordance with the present invention, TDF 115 may be deployed in acellular network if detection of application is required, andoptionally, if enforcement of the flows belonging or corresponding tothe application is required. The enforcement operations may include, forexample, gating or blocking of flows; bandwidth limitation of flows;redirection of flows (e.g., to a captive portal); and/or other suitableoperations.

The present invention may allow a mobile network operator to determinewho (e.g., which subscriber, and which subscriber application) may betargeted for applying the functionality of TDF 115. For example, themobile network operator may differentiate between subscribers andapplicative activity, based to business arrangements or considerations(e.g., subscriber package), based on different device usage, based ondifferent locations, based on different (applicative) service, and/orother suitable factors.

Optionally, a mobile network operator may define a requirement to chargedifferently for usage of different applications. Such applications maybe detected by TDF 115, and the differential charging requirement may beenforced by TDF 115 and/or by PCEF 119. Furthermore, TDF 115 may monitorthe usage (e.g., by accumulating used units), and may report the usageto OCS 117 (for online charging) and/or to OFCS 118 (for offlinecharging). Optionally, a Usage Monitoring and Reporting (UMR) module 121may be included in TDF 115 as a sub-unit, or may be implemented as aseparate module or unit which may be associated with TDF 115.

Optionally, a mobile network operator may define a requirement toprovide usage monitoring report to PCRF 111 or to other policy server,for example, for purposes of fair usage of different applications amongdifferent subscribers. Such applications may be detected by TDF 115,which may monitor the usage (e.g., by accumulating used volume), and mayreport the usage to PCRF 111 or to other policy server. Optionally, theusage monitoring and reporting operations may be performed by UMR module121.

Optionally, a mobile network operator may define a requirement tosupport or provide additional services for specific subscribers or typesof subscribers (e.g., to provide parental control with regard tosubscribers that are minor) and/or for specific applications (e.g.,YouTube) or types of applications (e.g., streaming video applications).If such subscriber connects to the network, and/or if such applicationsare detected, then TDF 115 may provide such Value Added Services (VAS),or may route the traffic to allow the provision of such VAS by one ormore other network elements or functional entities which may beimplemented as one or more VAS providers 122 or VAS providing units.

Optionally, a mobile network operator may define a requirement tooptimally route or steer traffic based on the type of application beingused by the subscriber. Such requirement may be enforced by TDF 115, orby a traffic steering module 123 which me be associated with RDF 115.For example, TDF 115 or traffic steering module 123 may route or steertraffic, associated with a particular application or with a type ofapplications, to another network; or may route or steer such trafficfrom a home Packet Data Network (PDN) gateway to a local breakout; ormay otherwise devise and implement a traffic shortcut which may notrequire traffic to travel through a backbone pipeline; or may performother traffic offloading operations, for example, by routing trafficdirectly (e.g., to Internet backbone) instead of indirectly (e.g.,through a cellular operator's core cellular network).

PCRF 111 may include, for example, a network element or node orcomponent which may aggregate information flowing within system 101, orflowing to or from a cellular communication network. For example, system101 may be part of such cellular communication network, or may beassociated with such cellular communication network. PCRF 111 mayoptionally aggregate data from other sources, for example, anoperational support system, a network portal. Based on the aggregatedinformation, PCRF 111 may create rules and generate policy decisions foreach subscriber active on the cellular network. Accordingly, PCRF 111may generate different decisions with regard to different subscribers,for example, providing an increased level or a reduced level of Qualityof Service (QoS) to one or more subscribers or set of subscribers,charging a subscriber an increased rate or a supplemental price due toutilization of a particular application or due to engagement in aparticular online activity, or the like. PCRF 111 may be implemented,for example, as a stand-alone entity or network element in a cellularnetwork; or may be co-located with one or more other elements (e.g.,with TDF 115) within the same entity or network element.

SPDB 112 may include one or more databases or repositories storing dataof cellular subscriber profiles, or storing subscriber-related and/orsubscription-related information which may be utilized for creationand/or implementations of subscription-based policies. Optionally, SPDB112 may be combined with, or distributed across, one or more otherdatabases in system 101 and/or in a cellular network that system 101 maybe part of or associate with. SPDB 112 may be implemented, for example,as a Subscriber Profile Repository (SPR) and/or a User Data Repository(UDR). SPDB 112 may store, for example, subscriber data, subscriptiondata, service configurations, allocated plan prices, and/or othersubscriber-related or subscription-related data.

Optionally, SPDB 112 may store, for example, one or more of thefollowing data items or records: data indicating a subscriber's allowedservices and/or a subscriber's disallowed services; for each allowedservice, an indication of a pre-emption priority; information on asubscriber's allowed QoS or required QoS; an indication of subscribedguaranteed bandwidth and a QoS level associated therewith; asubscriber's charging-related information (e.g., location informationwhich may be relevant for charging); a subscriber's Closed SubscriberGroup (CGS) information reporting rules; a subscriber category; asubscriber's usage monitoring related information; a Multimedia PriorityService (MPS) priority level; a MPS Evolved Packet System (EPS) prioritydata; an Internet Protocol (IP) Multimedia Subsystem (IMS) signalingpriority data; a subscriber's profile configuration indicating whetherapplication detection and control is to be enabled or disabled; aspending limits profile, optionally including, for example, anindication that policy decisions may be based on policy countersavailable at a CS that may have a spending limit associated with it andoptionally including lists or data of the a policy counter; a sponsoreddata connectivity profile information (which may optionally be locallyconfigured at PCRF 111); and/or a list of Application Service Providers(ASPs) and their applications per sponsor identity.

It is noted that SPDB 112 may be accessible by other components ofsystem 101, for example, by OCS 117 and/or by OFCS 118. Such additionallinks to SPDB 112 are not shown in FIG. 1A, as to not over-crowd thedrawing.

AF 113 may include one or more applications which may utilize dynamicpolicy and/or charging control. AF 113 may communicate with PCRF 111 totransfer dynamic session information, which may be taken into accountfor decision-making operations of PCRF 111. AF 113 may receive from PCRF111, for example, Internet Protocol Connectivity Access Network (IP-CAN)information and notifications, e.g., related to IP-CAN bearer levelevents.

For example, AF 113 may receive from PCRF 111 an indication that aparticular service information is not accepted by PCRF 111, togetherwith alternate service information that PCRF 111 may accept. Inresponse, AF 113 may reject the service establishment towards a UserEquipment (UE) which attempts to utilize such service. Optionally, AF113 may forward to such UE the alternate service information that PCRF111 may accept. Optionally, AF 113 may provide to PCRF 111 sponsoreddata connectivity information, and/or a usage threshold; and AF 113 mayfurther request PCRF 111 to report events which may be related tosponsored data connectivity.

BBERF 114 may include a network element able to perform, for example,bearer binding; uplink bearer binding verification event reporting toPCRF 111; sending to PCRF 111, and/or receiving from PCRF 111, one ormore IP-CAN-specific parameters; Service Data Flow (SDF) detection;and/or QoS control, such as, ensuring that the resources which may beused by (or reserved for, or allocated to) an authorized set of SDFs arewithin the authorized resources specified by an “authorized QoS”parameter.

TDF 115 may include a network element or other functional entity able toperform application detection or application traffic detection, as wellas reporting of a detected application and its SDF description to PCRF111 or to other suitable policy server or policy enforcement component.TDF 115 may further perform enforcement of one or more rules pertainingto network traffic, as further detailed herein.

TDF 115 may include, or may be associated with, an ApplicationIdentifier (AI) module 124, which may be able to monitor traffic and/orother parameters in order to identify the application (e.g., YouTube,Skype) and/or a type of application (e.g., streaming video, filesharing) that a subscriber utilizes or attempts to utilize. Optionally,such application identification may be performed by using (payload) datainspection techniques, and not only by relying upon standard or agreedclassifications of known applications. Optionally, TDF 115 may include apayload data inspector to implement one or more (payload) datainspection techniques; or may otherwise utilize one or more Deep PacketInspection (DPI) techniques.

Optionally, if TDF 115 is unable to provide to PCRF 111 a SDF, and/or ifTDF 115 is able to provide to PCRF 111 a SDF, TDF 115 may implementgating, redirection, and bandwidth limitation with regard to thedetected application(s). Alternatively, TDF 115 is able to provide toPCRF 111 a SDF description, operations resulting from applicationdetection may be performed by gateway 116 (e.g., as part of the chargingand policy enforcement per SDF) and/or by BBERF 114 (e.g., as bearerbinding) and/or by TDF 115. Optionally, TDF 115 may further supportusage monitoring, as well as usage reporting functions which mayalternatively be performed by gateway 116.

If TDF 115 is unable to monitor particular events (e.g., related tolocation changes), then TDF 115 may at least provide to PCRF 111 eventtriggers requests, by utilizing, for example, an IP-CAN sessionestablishment procedure, an IP-CAN session modification procedure (e.g.,initiated by gateway 116), a response an IP-CAN session modificationinitiated by PCRF 111, and/or an update procedure for updating thesubscription information in PCRF 111.

Gateway 116 may be a network element or node or cellular gateway (e.g.,a Packet Data Network (PDN) Gateway (P-GW) or other suitable gateway)able to interface with one or more devices, systems and/or networks. Forexample, if General Packet Radio Service (GPRS) communications are used,gateway 116 may be implemented as a Gateway GPRS Support Node (GGSN).Gateway 116 may include Policy and Charging Enforcement Function (PCEF)119, which may perform, for example, SDF detection; policy enforcement;flow-based charging; user plane traffic handling; triggering controlplane session management; QoS handling; SDF measurement; and onlineand/or offline charging interactions. For example, PCEF 119 may operateto ensure that an IP packet, which is discarded at PCEF 119 as a resultfrom policy enforcement or flow-based charging, is not reported foroffline charging and does not cause credit consumption for onlinecharging.

PCEF 119 may utilize one or more suitable methods to enforce policycontrol indicated by PCRF 111, for example: gate enforcement; QoSenforcement based on QoS class identifier correspondence with IP-CANspecific QoS attributes; Policy and Charging Control (PCC) rule QoSenforcement (e.g., to enforce uplink Differentiated Services Code Point(DSCP) marking according to an active PCC rule); and/or IP-CAN bearerQoS enforcement.

Optionally, PCEF 119 may control the QoS that is provided to a combinedset of SDFs. For example, PCEF may ensure that the resources which maybe used by an authorized set of SDFs are within the authorized resourcesspecified by an “authorized QoS” parameter, which may indicate an upperbound for the resources that may be reserved (e.g., Guaranteed Bitrateor GBR) or allocated (e.g., Maximum Bitrate or MBR) for the IP-CANbearer. The authorized QoS information may be mapped by PCEF 119 toIP-CAN specific QoS attributes. During IP-CAN bearer QoS enforcement, ifpacket filters are provided, then PCEF 119 may provide packet filterswith the same content corresponding to the SDF template filtersreceived.

PCEF 119 may further enforce charging control. For example, for a SDF(e.g., defined by an active PCC rule) that may be subject to chargingcontrol, PCEF 119 may allow the SDF to pass through PCEF 119 only ifthere is a corresponding active PCC rule and, for online charging, OCS117 authorized credit for the suitable charging key. PCEF 119 may allowa SDF to pass through PCEF 119 during the course of creditre-authorization procedure.

For a SDF (e.g., defined by an active PCC rule) that is subject to bothpolicy control and charging control, PCEF 119 may allow the SDF to passthrough PCEF 119 only if both control conditions hold true; for example,only if the corresponding gate is open and also, in case of onlinecharging, OCS 117 authorized credit for its charging key. Alternatively,for a SDF that is subject to policy control only and not chargingcontrol, PCEF 119 may allow the SDF to pass through PCEF 119 if theconditions for policy control are met.

PCEF 119 may be served by one or more PCRF nodes, which may be similaror identical to PCRF 111. For example, PCEF 119 may contact theappropriate PCRF node based on the Packet Data Network (PDN) connectedto, and/or based on UE identity information (which, optionally, may beIP-CAN specific). PCEF 119 may support predefined PCC rules.Furthermore, PCEF 119 may modify or replace a (non-predefined) PCC rule,upon request from PCRF 111.

Optionally, PCEF 119 may inform PCRF 111 about the outcome of a PCC ruleoperation. For example, if network initiated procedures apply for thePCC rule, and the corresponding IP-CAN bearer may not be established ormodified to satisfy the bearer binding, then PCEF 119 may reject theactivation of the PCC rule. Upon rejection of PCC rule activation, PCRF111 may modify the attempted PCC rule, may de-activate or modify otherPCC rules, may retry activation of the PCC rule, or may abort theactivation attempt, and may optionally inform AF 113 that transmissionresources are not available.

OCS 117 may include a network module or server able to perform onlinecharging; whereas OFCS 118 may include a network module or server ableto perform offline charging. Charging may include a series of operationsin which information related to a chargeable event is collected,formatted, and transferred in order to enable determination of usage forwhich the charged party (e.g., a subscriber) may be billed.

OFCS 118 may perform offline charging, such that charging informationmay not affect in real-time the service rendered. OFCS 118 may perform,for example, transaction handling, rating, and offline correlation andmanagement of subscriber account balances.

OCS 117 may perform online charging, such that charging information mayaffect in real-time the service rendered, and therefore a directinteraction of the charging mechanism with bearer control, sessioncontrol or service control may be required. OCS 117 may optionallyinclude a SDF-based credit control module, which may perform real-timecredit control; as well as real-time transaction handling, rating, andonline correlation and management of subscriber account balances.

OCS 117 and/or OFCS 118 may utilize Charging Data Records (CDRs) 125,which may include a formatted collection of information about achargeable event (e.g., time of call set-up, duration of the call,amount of data transferred, or the like) which may be used in billingand accounting. For each party (e.g., subscriber) to be charged, forparts the charges or for all charges of a chargeable event, a separateCDR 125 may be generated or utilized; and more than one CDR125 may begenerated for a single chargeable event, e.g. due to a long eventduration, or if two or more charged subscribers are to be charged.

Optionally, CDRs 125, as well as OCS 117 and/or OFCS 118, may beassociated with a billing domain 127, which may receive and process CDRs125, and may provide billing mediation, statistical applications, orother billing-related applications. Optionally, billing domain 127 maybe external to the core of system 101; yet it may be in communicationwith TDF 115, with OCS 117 and/or with OFCS 118, through suitableinterfaces. It is noted that TDF 115 may be able to communicate,directly or indirectly, with billing domain 127, even though a linkbetween TDF 115 and billing domain 127 is not shown in FIG. 1A, as tonot over-crowd the drawing.

It is noted that various components may be implemented within a singleor a common physical unit, or may be otherwise co-located. For example,one or more functions of TDF 115 and/or PCRF 111 and/or PCEF 119 may beimplemented (in whole or in part) by using a policy server or othersuitable component(s) or module(s). Such policy server, for example, mayperform both the policy control decision functionality as well as theapplication-based charging control functionality. Optionally, the policyserver may be implemented as a stand-alone entity within the mobilenetworks (e.g., as PCRF 111), or may be co-located with TDF 115 withinthe same unit or network entity. Optionally, TDF 115 may be implementedas a stand-alone entity within the mobile networks, or may beimplemented as a sub-unit or module within gateway 116 (e.g.,implemented as PDN Gateway (P-GW) or as GGSN) or within other localgateway (e.g., physically located near a radio network).

TDF 115 may be deployed in a home (non-roaming) network, as well as in avisited (roaming) network, both for home routed access and for localbreakout scenarios. TDF 115 may be deployed in a local network, forexample, near a local gateway which may be used both for traffic routedto the home network and for traffic routed locally.

Reference is made to FIG. 1B, which is a schematic block-diagramillustration of a communication system 102 in accordance with thepresent invention. System 102 of FIG. 1B may be similar to system 101 ofFIG. 1A. However, whereas system 101 of FIG. 1A may be associated with asingle PLMN 190, system 102 of FIG. 1B may be associated with two (ormore) cellular networks, for example, a Home PLMN (H-PLMN) 191 in whicha subscriber may be regarded as non-roaming, and a Visited PLMN (V-PLMN)192 in which the subscriber may be regarded as roaming. A dashed line199 may indicate a separation between the two cellular networks, H-PLMN191 and V-PLMN 192.

Furthermore, instead of having a single PCRF node, denoted PCRF 111 inFIG. 1A, system 102 of FIG. 1B may include two (or more) PCRF nodes, forexample, a Home PCRF (H-PCRF) denoted 111H, and a Visited PCRF (V-PCRF)denoted 111V, which may be in communication with each other. All thecomponents that are shown in FIG. 1A as connected to or associated withPCRF 111, may be connected to or associated with H-PCRF 111H in FIG. 1B;except for BBERF 114, which in system 102 may be connected to orassociated with V-PCRF 111V rather than with H-PCRF 111H. Thefunctionality of such components remains as described above. System 102may demonstrate the logical architecture of PCC in a roaming scenariohaving home-routed access.

Reference is made to FIG. 1C, which is a schematic block-diagramillustration of a communication system 103 in accordance with thepresent invention. System 103 of FIG. 1C may be similar to system 102 ofFIG. 1B. For example, system 103 of FIG. 1C may be associated with two(or more) cellular networks, for example, H-PLMN 191 in which asubscriber may be regarded as non-roaming, and V-PLMN 192 in which thesubscriber may be regarded as roaming. A dashed line 199 may indicate aseparation between the two cellular networks, H-PLMN 191 and V-PLMN 192.

Similarly to system 102 of FIG. 1B, system 103 of FIG. 1C may includetwo (or more) PCRF nodes, for example, H-PCRF 111H and V-PCRF 111V,which may be in communication with each other. Furthermore, each one ofthese PCRF nodes may be associated with a separate AF node, for example,AF 113H and AF 113V, respectively. System 103 may demonstrate thelogical architecture of PCC in a roaming scenario in which PCEF 119 maybe located in the visited cellular network, V-PLMN 12, optionallyutilizing local breakout.

Referring back to FIG. 1A, system 101 may be used in order to performvarious processes or operations based on the traffic detectionfunctionality. The discussion herein demonstrates five demonstrativeimplementations of such operations; other suitable operations may beused. It is noted that two or more operations that are described hereinmay be performed in parallel, or may co-exist and concurrently apply tothe cellular session of the same subscriber.

In a first demonstrative implementation, system 101 may be used toperform charging based on traffic detection functionality. For example,a cellular communication session of a subscriber may start. PCRF 111 maybe informed about the start of the cellular session. Furthermore, PCRF111 may be provided with one or more session parameters, e.g.,subscriber identification, subscriber location, device characteristics,or the like.

PCRF 111 may then create Application Detection and Control (ADC) rules,and may provide them to TDF 115. The ADC rules may be based on thesubscriber profile which may be received from SPDB 112. The ADC rulesmay include, for example, application identifiers corresponding toapplications that are intended to be detected; one or more enforcementactions to be applied to identified applications, once detected; andcharging directives for these applications, once detected.

The charging directives may include, per each one of the applicationidentifiers, one or more parameters, for example, a charging key todetermine the tariff to apply for the application, once detected; acharging method to indicate the required charging method (e.g., onlinecharging, offline charging, or no charging); and a measurement method toindicate which application-related or traffic-related parameter is to bemeasured for charging purposes (e.g., application data volume, timeduration, combined volume/duration, occurrence of a triggering event, orthe like).

The ADC rules may be applied by TDF 115. For example, upon detection ofthe application, one or more of the actions may be enforced by TDF 115,in accordance with the relevant ADC rules. Then, TDF 115 may establish aconnection with a charging server, for example, with OCS 117 or withOFCS 118, as indicated by the charging method information received fromPCRF 111.

Optionally, if offline charging is required, TDF 115 may contact OFCS117, or alternatively TDF may contact billing domain 127, e.g., directlyor indirectly. TDF 115 may be configured to select between multiplecommunication routes for offline charging. Connection between TDF 115and billing domain 127 may be established, for example, at sessionestablishment, or upon creation of a first CDR 125 or at other suitabletime. The connection may be established, for example, through aninterface between TDF 115 and OCS 117; through an interface between TDF115 and OFCS 118; or through an interface between TDF 115 and billingdomain127. TDF may further transfer the charging key to the suitablecharging server, together with the application identifier.

Subsequent to establishment of connection between TDF 115 and a chargingserver, TDF 115 may receive charging acknowledgement from the chargingserver. If online charging is used, the charging acknowledgement mayinclude an indication of the measurement method and/or the amount ofgranted data volume, duration, combined volume durations, or events forwhich charging was authorized by the charging server.

Optionally, the charging server may restrict the validity time for agrant. In such case, upon validity time expiration, TDF 115 may informthe charging server about used grant.

Optionally, the charging server may provide to TDF 115 one or morerestriction indications, requiring to redirect or to terminate theapplication at a particular point in time. In such case, TDF 115 mayenforce the restriction indications, and may transfer suitablenotifications to PCRF 111.

TDF 115 may apply the required charging measurement method with thecorresponding grant to the corresponding detected application (e.g.,defined by the application identifier). Optionally, TDF 115 may send anotification to the charging server, for example, to indicate that TDF115 received from PCRF 111 updated ADC rules, to indicate detection ofapplication, to indicate grant expiration, to indicate an appliedrestriction action, or other suitable notification.

Upon termination of the cellular session, TDF 115 may receive a suitablemessage from PCRF 111; and TDF 115 may inform the charging server, withthe used grants per each of the corresponding applications.

In a second demonstrative implementation, system 101 may be utilized forusage monitoring reporting based on traffic detection functionality. Forexample, a cellular communication session of a subscriber may start.PCRF 111 may be informed about the start of the cellular session.Furthermore, PCRF 111 may be provided with one or more sessionparameters, e.g., subscriber identification, subscriber location, devicecharacteristics, or the like.

PCRF 111 may then create Application Detection and Control (ADC) rules,and may provide them to TDF 115. The ADC rules may be based on thesubscriber profile which may be received from SPDB 112.

The ADC rules may include, for example, application identifiers for theapplications to be detected. The ADC rules may further include one ormore enforcement actions to be applied to such applications, upon theirdetection; and may further include usage monitoring directives for suchapplications, upon their detection.

The usage monitoring directives may include, per each one of theapplication identifiers, one or more parameters, for example, the eventtrigger to trigger the report from TDF 115 to PCRF 111, and/or thegranted volume (e.g., in total, in uplink, or in downlink).

The ADC rules may be applied by TDF 115. For example, upon detection ofthe application, one or more of the actions may be enforced by TDF 115,in accordance with the relevant ADC rules. Furthermore, upon detectionof the application, TDF 115 may begin to count the volume, perdirective, received from PCRF 111.

At any point in time, or periodically, PCRF 111 may request from TDF 115a report about used volume; and TDF 115 may provide such report to PCRF111 upon such request.

At any point of time, or periodically, PCRF 111 may disable the usagemonitoring that TDF is performing. Such disablement may be performedseparately and/or selectively, per each monitored applications. Uponsuch disablement, TDF 115 may report the used volume to PCRF 111, andthen TDF may disable the usage monitoring.

At any point of time, upon grant exhaustion, TDF 115 may report to PCRF111 by using the provisioned event trigger.

At any point of time, or periodically, PCRF 111 may send updated volumegrants to TDF 115, and TDF 115 may then utilize the updated values.

Optionally, PCRF 111 may deactivate the ADC rules; and in such case, TDF115 may report the used volume PCRF 111 and may then disable the usagemonitoring.

Upon session termination, TDF 115 may receive a corresponding messagefrom PCRF 111. Then, TDF 115 may inform PCRF 111 with the used grantsper each of the corresponding applications that were subject to usagemonitoring.

In a third demonstrative implementation, system 101 may be utilized forproviding VAS based on traffic detection functionality. For example, acellular communication session of a subscriber may start. PCRF 111 maybe informed about the start of the cellular session. Furthermore, PCRF111 may be provided with one or more session parameters, e.g.,subscriber identification, subscriber location, device characteristics,or the like.

PCRF 111 may then create Application Detection and Control (ADC) rules,and may provide them to TDF 115. The ADC rules may be based on thesubscriber profile which may be received from SPDB 112.

The ADC rules may include, for example, application identifiers for theapplications to be detected. The ADC rules may further include one ormore enforcement actions to be applied to such applications, upon theirdetection; and may further include VAS for the specified subscriber'ssession. Such VAS may include, for example, parental control, anti-virusor anti-malware protection or scanning, content filtering, caching,video optimization, or other suitable services. Optionally, one or moreVAS may be added, in parallel, to the same subscriber's session.

Optionally, the VAS description as received form PCRF 111, may furtherinclude one or more parameters. For example, if an indicated VAS is“parental control”, a suitable parameter may indicate a type or profileof parental control intended to be applied.

The VAS may be applied by TDF 115, and/or by other suitable component(s)able to provide VAS (e.g., one or more VAS providers 122). Optionally,TDF 115 may steer traffic to VAS providers 122, and TDF 115 may routetraffic back from VAS providers 122 to the cellular network.

Upon session termination, TDF 115 may receive the corresponding messagefrom PCRF 111, and may deactivate or terminate the VAS.

In a fourth demonstrative implementation, system 101 may be utilized fortraffic routing based on traffic detection functionality. For example,gateway 116 may be a local gateway which may perform both offloading androuting to the core network. TDF 115 may be above gateway 116, or TDF115 may be collocated with gateway 116; and the network operator may usegateway 116 for both offloaded traffic and routed traffic. Optionally,some traffic may be offloaded locally; while traffic for operatorservices may also utilize the same gateway 116 but may be routed withinthe operator's network.

A cellular communication session of a subscriber may start. PCRF 111 maybe informed about the start of the cellular session. Furthermore, PCRF111 may be provided with one or more session parameters, e.g.,subscriber identification, subscriber location, device characteristics,or the like.

PCRF 111 may then create Application Detection and Control (ADC) rules,and may provide them to TDF 115. The ADC rules may be based on thesubscriber profile which may be received from SPDB 112.

The ADC rules may include, for example, application identifiers for theapplications to be detected. The ADC rules may further include one ormore enforcement actions to be applied to such applications, upon theirdetection; and may further include routing rules for such applications,upon their detection.

TDF 115 may apply the ADC rules. For example, upon detection of theapplication, one or more of the actions may be enforced by TDF 115, inaccordance with the ADC rules. Furthermore, based on the type of thedetected application, and based on the received routing rules, TDF 115may perform traffic routing, for example, either locally or to themobile operator's network.

In a fifth demonstrative implementation, system 101 may be utilized fortraffic steering based on traffic detection functionality. For example,gateway 116 may be a local gateway which may perform traffic offloading;and a separate gateway may be used for traffic routing in the operator'score network. TDF 115 may be above gateway 116, or TDF 115 may becollocated with gateway 116. Optionally, some traffic may be offloadedlocally; while traffic for operator services may be routed within theoperator's network by using the separate gateway.

A cellular communication session of a subscriber may start. Traffic maybe offloaded locally, for example, based on Access Point Name (APN).

PCRF 111 may be informed about the start of the cellular session.Furthermore, PCRF 111 may be provided with one or more sessionparameters, e.g., subscriber identification, subscriber location, devicecharacteristics, or the like.

PCRF 111 may then create Application Detection and Control (ADC) rules,and may provide them to TDF 115. The ADC rules may be based on thesubscriber profile which may be received from SPDB 112.

The ADC rules may include, for example, application identifiers for theapplications to be detected. The ADC rules may further include one ormore enforcement actions to be applied to such applications, upon theirdetection; and may further include re-routing rules or steering rulesfor such applications, upon their detection.

TDF 115 may apply the ADC rules. For example, upon detection of theapplication, one or more of the actions may be enforced by TDF 115, inaccordance with the ADC rules. Furthermore, based on the type of thedetected application, and based on the received re-routing rules orsteering rules, TDF 115 may perform traffic re-routing or trafficsteering. For example, TDF 115 may re-route traffic to the operator'snetwork, e.g., for one or more VAS which may be available at theoperator's network.

Reference is made to FIG. 2, which is a diagram 200 demonstrating a flowin accordance with the present invention. Diagram 200 may demonstratesignaling among components of system 102 of FIG. 1B, or among componentssystem 103 of FIG. 1C.

Diagram 200 may also demonstrate signaling by components of system 101of FIG. 1A, if the two PCRF nodes (PCRF 111V and PCRFH) are regarded asa single PCRF node (PCRF 111).

For demonstrative purposes, the discussion herein may refer to diagram200 in conjunction with a possible usage by system 102 of FIG. 1B.Diagram 200 may demonstrate establishment of a connection between TDF115 and OCS 117 as a result of application detection in accordance withADC rules.

AF 113 may signal to H-PCRF 111H an application or service information(arrow 1 a); and TDF 115 may signal to H-PCRF 111H service trafficdetection (arrow 1 b).

H-PCRF 111H may signal an acknowledgment (ACK) back to AF 113 (arrow 2),and may perform a policy decision to create or modify ADC rules (block3).

The created or modified ADC rules, together with acknowledgment, may besent by H-PCRF 111H to TDF 115 (arrow 4), optionally passing throughV-PCRF 111V.

Upon receiving the ADC rules, TDF 115 may send to OCS 117 a request forcharging rules (arrow 5). In response, OCS 117 may send to TDF 115 anacknowledgment (ACK) together with the relevant charging rules (arrow6).

Then, gateway control and provisioning of QoS rules may be performed,for example, by BBERF 112, by PCEF 116, by TDF 115, by H-PCRF 111H, andoptionally by V-PCRF 111V (block 7). For example, H-PCRF 111H mayprovide policy and charging rules to PCEF 116 (arrow 8), and PCEF 116may enforce the policy and rules (block 9).

Optionally, a credit request may be signaled by PCEF 116 to OCS 117(arrow 10); and a credit response may be signaled back by OCS 117 toPCEF 116 (arrow 11).

Optionally, IP-CAN bearer signaling may be performed from PCEF 116 toBBERF 112 (arrow 12), and subsequently from BBERF 112 to PCEF 116 (arrow13). An acknowledgement may then be signaled from PCEF 116 to H-PCRF111H (arrow 14), optionally passing through V-PCRF 111V. Finally, H-PCRF111H may notify AF 113 about bearer level event (arrow 15), and mayreceive from AF 113 an acknowledgement in response (arrow 16).

The above-mentioned flow and signaling may be utilized in conjunctionwith charging, and/or with other suitable operations or processes.

Reference is made to FIG. 3A, which is a schematic block diagramillustration of a communication system 301 demonstrating Selected IPTraffic Offload (SIPTO), in accordance with the present invention.System 301 may include, for example, a Mobile Station (MS) 314, a RadioAccess Network (RAN) 313 including at least one Radio Network Controller(RNC) 312, a Local GGSN (L-GGSN) 311, a TDF 310, a Serving GPRS SupportNode (SGSN) 315 having Gn/Gp interface, and a Core Network (CN) 316.

As indicated by an arrow 321, traffic may flow, for example, from MS 314to RNC 312; may proceed from RNC 312 to L-GGSN 311; and may then proceedfrom L-GGSN 311 to TDF 310. Then, TDF 310 may steer or route traffic,either as conventional SIPTO traffic 317, or through a shortcut(indicated by an arrow 322) to CN 316.

L-GGSN 311 may serve as local gateway for offloading traffic, as well asfor routing traffic to CN 316. TDF may be implemented above L-GGSN 311,or may be collocated with L-GGSN 311; and the network operator mayutilize L-GGSN 311 for handling both types of traffic, i.e., offloadedtraffic and routed traffic.

Optionally, some traffic may be offloaded locally by L-GGSN 311; whereastraffic for operator services may utilize L-GGSN 311 but may be routedwithin the operator's network; optionally. Based on the type of detectedtraffic, TDF 310 may perform differential routing or steering.

Optionally, offloading policies may be sent to TDF 310, for example, byPCRF 311 or, optionally, pre-provisioned at TDF 310. Optionally, TDF 310may perform traffic steering upon detection for TCP services.

Reference is made to FIG. 3B, which is a schematic block diagramillustration of a communication system 302 demonstrating SIPTO, inaccordance with the present invention. System 302 of FIG. 3B may begenerally similar to system 301 of FIG. 3A; yet in system 302, both SGSN315 and a GGSN 319 may be part of CN 316.

As indicated by an arrow 321, traffic may flow, for example, from MS 314to RNC 312; may proceed from RNC 312 to L-GGSN 311; and may then proceedfrom L-GGSN 311 to TDF 310. Then, TDF 310 may steer or route traffic,either as conventional SIPTO traffic 317, or through a shortcut(indicated by an arrow 322) to CN 316.

L-GGSN 311 may serve as local gateway for offloading traffic, as well asfor routing traffic to CN 316. TDF may be implemented above L-GGSN 311,or may be collocated with L-GGSN 311.

Optionally, some traffic may already be offloaded, for example, Internettraffic which may be offloaded per Access Point Name (APN). TDF 310 mayrecognize that a particular type of the traffic (e.g., streaming video)and a particular type of application (e.g., YouTube application or Skypeapplication) may be routed to CN 316, for example, in order to applyadditional services (e.g., video caching). TDF 310 may thus route suchtraffic directly to CN 316 (as indicated by an arrow 325), for example,instead of locally routing the traffic to the Internet (arrow 321).

Optionally, offloading policies may be transferred to TDF 310, forexample, from PCRF 311 or, optionally, pre-provisioned at TDF 310.Optionally, TDF 310 may perform traffic steering upon detection for TCPservices.

Referring to both FIGS. 3A and 3B, the SIPTO provided by systems 301 or302 may optionally be modified. For example, a Home Subscriber Server(HSS) (not shown) may include, for each subscriber, also an indication(e.g., per APN) of whether SIPTO is enabled or disabled. Optionally, inLong Term Evolution (LTE) and/or 4G networks, a Serving Gateway (S-GW)may utilize Tracking Area ID (TAI) or NodeB ID, for example, duringDomain Name System (DNS) interrogation to find the PDN gateway ID.Optionally, in 3G networks, SGSN 315 may utilize Routing Area Identity(RAI) or an ID of serving RNC 312. Optionally, in a roaming scenario,SIPTO may not be generally available for the home routed traffic; yetSIPTO may be available for a local breakout.

Reference is made to FIG. 4A, which is a schematic block diagramillustration of a system 491 demonstrating flow of traffic and/orsignaling through multiple networks, in accordance with the presentinvention. System 491 may demonstrate Wireless LAN (WLAN) offload byusing TDF, depicted in a non-roaming scenario. System 491 may include,for example, a User Equipment (UE) 410, a customer services network 401,a Broadband Forum (BBF) network 402, an Evolved Packet Core (EPC)network 403, and an offloading network 404 to which traffic may beoffloaded. System 491 may be utilized to transfer offloaded traffic(e.g., indicated by a path 451) and/or non-offloaded traffic (e.g.,indicated by paths 452 and 453).

UE 410 may communicate with customer premises network 401, for example,wirelessly through a wireless Access Point (AP) 411. Optionally, a BBFdevice 412 may similarly communicate with customer premises network 401.

In customer premises network 401, traffic may be routed through aRouting Gateway (RG) 421 to BBF network 402. In BBF network 402, anAccess Network (AN) 422, for example, a Digital Subscriber Line (DSL)Access Multiplexer (DSLAM) box or an Optical Network Terminal (ONT), mayroute the traffic further to a Broadband Remote Access Server(BRAS)/Broadband Network Gateway (BNG) 423.

From BRAS/BNG 423, traffic may be routed to EPC network 403. Forexample, signaling may flow towards EPC network 403, either directly; orvia a BBF Policy Control Function (BPCF) 424 which may be incommunication with a PCRF 432 of EPC 403; or via a BBF Authentication,Authorization and Accounting (AAA) proxy 425 which may be incommunication with a 3GPP AAA server 443 of EPC network 403.

Optionally, BRAS/BNG 423 may route traffic to TDF 433 (which may besimilar to TDF 115 of FIG. 1A), which in turn may steer or route thetraffic to offloading network 404, which may include an IP service 430(e.g., in an operator-managed domain); or to other suitable component inEPC network 403, for example, to PCRF 432. Furthermore, EPC network 403may include an OCS 441 and/or an OFCS 442, which may be in communicationwith 3GPP AAA server 443, and may optionally be in direct communicationwith TDF 433.

System 491 may support both online charging and offline charging.Optionally, separate accounting data may be provided for offloadedtraffic and for home routed traffic. EPC network 403 may control theaccounting and charging; and system 491 may allow volume-based,time-based and/or event-based accounting and charging. System 491 mayutilized ADC rules which may include control for charging parameters(e.g., transferred from PCRF 432 to TDF 433) to allow charging foroffloaded traffic. Optionally, the accounting or charging informationmay be provided at application level. Optionally, the accounting orcharging information may be provided at TDF 433 session level. Thecommunication between TDF 433 and OCS 441 and/or OFCS 442 may beimplemented, for example, similar to a Gy/Gz interface.

Reference is made to FIG. 4B, which is a schematic block diagramillustration of a system 492 demonstrating flow of traffic and/orsignaling through multiple networks, in accordance with the presentinvention. System 492 may demonstrate Wireless LAN (WLAN) offload byusing TDF, depicted in a roaming scenario. System 492 of FIG. 4A may begenerally similar to system 491 of FIG. 4A; however, instead of having asingle EPC network 403 as in system 491, system 492 may have two EPCnetworks, for example, an EPC V-PLMN 403V (which may include TDF 433)and an EPC H-PLMN 403H. For example, traffic and/or signaling may flowfrom EPC V-PLMN 403V and an EPC H-PLMN 403H; for example, from a V-PCRFnode 432V to a H-PCRF node 432H; and from a 3GPP AAA proxy 443V to a3GPP AAA server 443H.

Reference is made to FIG. 4C, which is a schematic block diagramillustration of a system 493 demonstrating flow of traffic and/orsignaling through multiple networks, in accordance with the presentinvention. System 493 may demonstrate non-roaming architecture for fixedbroadband access interworking traffic offloaded to Broadband NetworkGateway (BNG) (e.g., Converged PCRF). System 493 may include, forexample, a User Equipment (UE) 410 able to communicate with customerpremises network 401; and system 493 may further include BBF definedaccess and network 402, a 3GPP EPC network 405, and an offloadingnetwork 404. Paths 461 and 462 may demonstrate signaling and/or trafficrouting associated with traffic that flows to or from UE 410; whereas apath 463 may demonstrate signaling and/or traffic routing associatedwith traffic that flows to or from BBF device 412.

Optionally, BRAS/BNG 423 may route traffic to TDF 433 (which may besimilar to TDF 115 of FIG. 1A), which in turn may steer or route thetraffic to offloading network 404, which may include an IP service 430(e.g., in an operator-managed domain); or to other suitable component inEPC network 405, for example, to PCRF 432. Furthermore, EPC network 405may include an OCS 441 and/or an OFCS 442, which may be in communicationwith 3GPP AAA server 443, and may optionally be in direct communicationwith TDF 433.

System 493 may support both online charging and offline charging.Optionally, separate accounting data may be provided for offloadedtraffic and for home routed traffic. EPC network 405 may control theaccounting and charging; and system 493 may allow volume-based,time-based and/or event-based accounting and charging. System 493 mayutilized ADC rules which may include control for charging parameters(e.g., transferred from PCRF 432 to TDF 433) to allow charging foroffloaded traffic. Optionally, the accounting or charging informationmay be provided at application level. Optionally, the accounting orcharging information may be provided at TDF 433 session level. Thecommunication between TDF 433 and OCS 441 and/or OFCS 442 may beimplemented, for example, similar to a Gy/Gz interface.

Reference is made to FIG. 4D, which is a schematic block diagramillustration of a system 494 demonstrating flow of traffic and/orsignaling through multiple networks, in accordance with the presentinvention. System 494 may be generally similar to system 493 of FIG. 4C;however, system instead of having a single EPC network 403 as in system493, system 494 may have two EPC networks, for example, an EPC V-PLMN405V (which may include TDF 433) and an EPC H-PLMN 405H. For example,traffic and/or signaling may flow from EPC V-PLMN 405V to EPC H-PLMN405H; for example, from a V-PCRF node 432V to a H-PCRF node 432H; andfrom a 3GPP AAA proxy 443V to a 3GPP AAA server 443. Similarly, each EPC(405V, 405H) may be associated with a corresponding offloading network(404A, 404B), which in turn may include operator's IP services (430A,430B). Routing and/or signaling may be demonstrated by paths 471-472.Optionally, TDF 433 within EPC 405V may be in direct communication withOCS 441 of EPC 405H, and/or with OFCS 442 of EPC 405H, and/or with IPservice 430A of offloading network 404A.

Optionally, BRAS/BNG 423 may route traffic to TDF 433 (which may besimilar to TDF 115 of FIG. 1A), which in turn may steer or route thetraffic to offloading network 404A, which may include an IP service 430A(e.g., in an operator-managed domain); or to other suitable component inEPC network 405V, for example, to V-PCRF node 432V. In turn, V-PCRF node432V may be in communication with H-PCRF node 432H of EPC 405H.Furthermore, EPC network 405H may include an OCS 441 and/or an OFCS 442,which may be in communication with 3GPP AAA server 443, and mayoptionally be in direct communication with TDF 433 of EPC network 405V.Optionally, TDF 433 may be in direct contact with OCS 441 and/or OFCS442, even though they may be belong to another cellular network.

System 494 may support both online charging and offline charging.Optionally, separate accounting data may be provided for offloadedtraffic and for home routed traffic. EPC networks 405H and/or 405V maycontrol the accounting and charging; and system 494 may allowvolume-based, time-based and/or event-based accounting and charging.System 494 may utilized ADC rules which may include control for chargingparameters (e.g., transferred from PCRF 432H to PCRF 432V to TDF 433) toallow charging for offloaded traffic. Optionally, the accounting orcharging information may be provided at application level. Optionally,the accounting or charging information may be provided at TDF 433session level. The communication between TDF 433 and OCS 441 and/or OFCS442 may be implemented, for example, similar to a Gy/Gz interface

With regard to FIGS. 4A-4D, it is noted that direct communication mayexist between TDF 433 and OCS 441, which may be located in the same EPCnetwork or in another EPC network. Similarly, direct communication mayexist between TDF 433 and OFCS 442, which may be located in the same EPCnetwork or in another EPC network. Furthermore, direct communication mayexist between TDF 433 and IP service 430, which may be located inanother network (e.g., offloading network 404). It is further clarifiedthat although the drawings may depict traffic routing paths and/orsignaling paths, BPCF 424 may be on the signaling path (and not ontraffic routing path); and similarly, BBF AAA servers or proxies may beon the signaling path (and not on traffic routing path).

In some embodiments, the TDF module may operate as traffic classifierfor service chaining; and may classify and route traffic into (ortowards) different Service Functions, which may comprise differentservice chains based on ADC Rules received from the PCRF module. Suchservice functions, which may also be referred to herein as “supplementalservices” or “value-added services”, may comprise Quality of Service(QoS) enforcement service function, bandwidth limiting service function,and/or other service functions (e.g., parental control service, contentfiltering service, anti-virus services, anti-malware service).

In order to realize efficient and flexible mobile service steering inthe (S)Gi-LAN, the mobile network operator may use some information(e.g., user profile, RAT type, application characteristics) to definetraffic steering policies. The traffic steering policies may be used tosteer the subscriber's traffic data to appropriate enablers (e.g.,parental control service, content filtering service, anti-virusservices, anti-malware service, NAT, FW) in (S)Gi-LAN. For example, in3GPP Core Network, the TDF module (or the PCEF module enhanced with ADC)may be used to classify and route traffic into different ServiceFunctions which may comprise different service chains based on ADC Rulesreceived from the PCRF.

In some embodiments, the TDF module may enable selective servicesteering of Internet traffic to a first service chain, based on one ormore parameters; while steering other Internet traffic to a secondservice chain, based on same or other parameters. For example, selectiveservice steering may be based on application characteristics; in case ofdetected video application (e.g., the detection is applied by the TDFmodule), the detected video traffic needs to be sent for video caching;and therefore the service chain may comprise video caching servicefunction. Whereas, in case of HTTP application (e.g., the detection isapplied by the TDF module), the service chain may comprise Firewallservice function and then Parental control Service Function.

In some embodiments, the TDF module may be used for mitigation of RANUser Plane congestion. For example, in case of RAN User Plan congestion(or, relief of RAN User Plane congestion), the PCRF module may receivesuch an indication and may construct and send appropriate ADC Rules tothe TDF (e.g., bandwidth limitation for specified applications) in orderto mitigate RAN user plan congestion. A RAN user plane congestionmanagement (or mitigation) function or module, may address how thesystem effectively mitigates RAN user plane congestion to reduce thenegative impact on the perceived service quality. The congestionmitigation measures may comprise, for example, traffic prioritization,traffic reduction and/or limitation of traffic. The congestionmitigation may manage user plane traffic across a range of variables,including for example, the user's subscription, the type of application,and the type of content. Congestion mitigation may be performed in theRAN or in the Core Network (CN), or in a combined manner both in the RANand in the CN.

The RAN user plane congestion mitigation in the CN may utilize RANOperation, Administration and Maintenance (OAM) information, collectedby a RAN Congestion Awareness Function (RCAF), to detect RAN user planecongestion. The RCAF may transfer RAN user plane congestion informationto the PCRF over the Np reference point, in order to mitigate the RANuser plane congestion by measures selected by the PCRF from a pool ofone or more mitigation measurements. The mitigation may be performed bythe TDF module, for example while receiving an appropriate ApplicationDetection and Control (ADC) Rules from the PCRF, or by the PCEF or bythe AF. Decisions to select and/or apply congestion mitigation measuresmay take into account, for example, operator policies, subscriberinformation, and/or additional available IP-CAN session information.Different mechanisms and mitigation actions may be used to mitigate RANUser Plane Congestion; for example, service gating, application gating,service bandwidth limitation, application bandwidth limitation,deferring of services, and/or other suitable measures.

Some embodiments may not require (or, may not utilize) “real time”congestion awareness and then mitigation in the Core Network; since suchapproach may be wrong, as real time congestion awareness and subsequentimmediate handling can only be applied in the RAN and not in the CN, dueto multiple reasons (e.g., dedicated or proprietary algorithms in RANfor handling this; RAN-CN signaling storm; lack of synchronization inapplying congestion mitigation measures in RAN and/or in CN). Someembodiments may avoid or prevent creation of a “signaling storm” whichmay be created as a result of such (un-needed) reports from RAN to CN,as the RAN works on top of its capacity normally, and changes fromcongestion to non-congestion state may occur all the time). Accordingly,some embodiments of the present invention may utilize a solution whichis RAN OAM based, which typically works on minutes basis (or, dozens ofminutes basis) and which handles and identifies and resolves “long-termcongestion” and not real-time congestion or momentary congestion. Someembodiments may not utilize a “probe” based method, but rather, mayutilize RAN OAM as the source for determining or identifying long-term(non-momentary) traffic congestion. Some embodiments may not need toutilize a DPI module collocated with the PCEF module (PCEF moduleenhanced with ADC), but rather, may utilize a standalone DPI module(i.e., the TDF module).

The present invention may operate, and may have a structure, in contrastto systems which only co-locate a DPI module with GGSN/PGW (e.g., theDPI module being part of GGSN/P-GW (Packet data network Gateway)—in sucha case it is called “PCEF module enhanced with ADC”). In contrast, thepresent invention enables a stand-alone TDF module, having its owninterface to PCRF module and/or to OCS and/or to OFCS, thereby enablingdouble-enforcement and/or dual-charging both from the PCEF and from theTDF in accordance with dual methods.

Some embodiments of the present invention may be innovative over asystem in which the stand-alone functionality of a TDF module may merelydetect traffic (e.g., per ADC Rules received from the PCRF module) andthen, in return, informing the PCRF module about the detected trafficclassifier(s) such that the PCRF module may provide PCC rules to thePCEF module which is co-located with GGSN. The present invention maythus differ from a simple system that only includes a standalone DPImodule (i.e. TDF), which does not also perform rule enforcement and/orcharging, per ADC rules received from the PCRF module includingenforcement actions, usage monitoring actions and charging actionsdirectly towards the OCS and/or directly towards the OFCS. A systemwhich merely includes a DPI module, without the additionalfunctionalities of the TDF of the present invention, cannot enabledouble-enforcement or dual-method charging controlled by the PCRF; andcannot enable additional functionality (e.g., service chaining control,offloading, usage monitoring) performed by the TDF based on commandsreceived directly from the PCRF.

Some embodiments of the present invention do not require to utilizemethods for selecting (or alternatively, for bypassing) a particular TDFmodule out of several TDF modules in a system (e.g., based on userprivacy policies). Selecting or bypassing a particular TDF module may bedone per system configuration or, for example, per range of session's IPaddresses provided by a suitable module or component (e.g., by utilizingan optional TDF selector module, or TDF bypassing module, which may beassociated with an IP range provider which may provide a range or a setof IP addresses for which a particular TDF should be selected or shouldbe bypassed).

In some embodiments, the PCRF module may define, for a particularcellular subscriber device or cellular session, an increased chargingrate, or a decreased charging rate, or a modified or updated chargingrate, based on detection, by the TDF module, that said cellularsubscriber device or even a specified subscriber's cellular session isutilizing a particular application. Charging rate may be defined basedon e.g. different input factors such as subscriber's profile, RadioAccess Technology Type, access network information, locationinformation, type of detected application. There may be differentService Plans defined by the cellular network operators for a differentincreased or decreased rates based on detected application information.

In some embodiments, the system may comprise or may utilize adouble-charging prevention module (or a double-charging correctionmodule; or an excess-charging preventer module; or an excess-chargingcorrection module; or an overlapping-charging preventer module orcorrection module), in order to prevent and/or correct situations ofpossible double-charge or over-charge or overlapping-charges orexcessive-charges due to utilization of SDF-based charging andApplication-based charging. For example, the TDF module may perform ormay initiate or may command to perform application-based charging, basedon the detected application (e.g., detected by utilizing DPI) and basedon the applicable ADC rules. In some situations, the TDF module may notbe able to provide (e.g., to the PCRF module) the SDF description for adetected application. In some cases, traffic redirection may not beperformed (e.g., if the traffic flow is not HTTP-based). If the TDFmodule does provide to the PCRF module the SDF description, then thePCRF module may apply the charging and policy enforcement based on theSDF, and the system may ensure that the PCC rules are coordinated withthe ADC rules in order to prevent or correct a possible double-charge orover-charge and/or to ensure delivery of the services. In someembodiments, the ADC rules may be utilized to determine characteristicsfor charging; for example, usage reporting over the Gzn interface foroffline charging; and credit management and reporting over the Gyninterface for online charging. The PCEF module may not handle chargingand enforcement (e.g., based on active PCC rules), but may still performbearer binding based on the active PCC rules. Some embodiments may avoida situation in which traffic that would later be charged in the TDFmodule, is discarded by the policing function in the PCEF; for example,by ensuring that GBR bearers are not required when the TDF moduleoperates as the charging and policy enforcement point. Additionally, thedownload APN-AMBR (Aggregate Maximum BitRate) in the PCEF module may beconfigured with high values (e.g., greater than a pre-defined value) toensure that no packets are discarded. For example, a case of IMS APN mayrequire dynamic PCC rules, and the configuration may ensure that PCEFbased charging and enforcement is utilized, but for regular Internetaccess APN the network may be configured such that the TDF moduleperforms both charging and enforcement. Similar configuration may beapplied to both TDF module and PCEF module performing enforcement andcharging for a single IP-CAN session, if the network is configured suchthat traffic which is charged and enforced in the PCEF module does notoverlap with traffic charged and enforced by the TDF module. The PCEFmodule may perform enforcement actions for uplink traffic withoutimpacting the accuracy of charging information produced or utilized bythe TDF module. In some implementations, if charging for an SDFidentified by a PCC Rule is only required for the IP-CAN session, thenthe PCEF module may perform charging and policy enforcement for thatIP-CAN session; and the TDF may perform application detection (andreporting of application start and stop) for enforcement actionsperformed on downlink traffic.

Some embodiments may enable simultaneous or concurrent charging (orother services) that may comprise application-based charging (or otherservices) and also SDF-based charging (or other services); whilepreventing or correcting any possible over-charging or double-charging.The TDF module may utilize DPI or other methods in order to determine anapplication that a subscriber device is running, for such purposes, andfor applying or enforcing rules based on the identified application.

Some embodiments of the invention may be implemented by using adedicated device or dedicated apparatus, for example, a non-computerdevice, or a device which is not a general-purpose-computer; or astand-alone non-computer device which may be implemented by utilizingdedicated hardware or hardware-components, rather than by utilizing ageneral all-purpose Central Processing Unit (CPU). Some embodiments maybe implemented as a dedicated or specific-purpose network element ornetwork node or network device, or a router or switch or hub or gateway,or other non-general-computer apparatus. Optionally, one or more of themodules (e.g., the TDF module, the PCEF module, the PCRF module, the AFmodule, or the like) may be implemented as a dedicated hardware unit, orby comprising or as a dedicated sensor or specific-purpose component.

In some embodiments, a cellular traffic monitoring system may comprise:a policy and charging rules function (PCRF) module to create a set ofapplication detection and control (ADC) rules; an SDF-based policycharging and enforcement function (PCEF) module to enforce one or morecharging rules to said cellular subscriber device, based on SDF data; anonline charging system (OCS) connected to said SDF-based PCEF module andable to perform SDF-based online charging based on data received fromsaid SDF-based PCEF module; an offline charging system (OFCS) connectedto said SDF-based PCEF module and able to perform SDF-based offlinecharging based on data received from said SDF-based PCEF module; atraffic detection function (TDF) module, implemented as a separatemodule from said PCEF module; wherein the TDF module is connecteddirectly to said OCS; wherein the TDF module is connected directly tosaid OFCS; a billing domain module, connected to said OCS and said OFCS;wherein the TDF module is (a) to monitor cellular traffic associatedwith a cellular subscriber device, (b) to perform payload datainspection by using a Deep Packet Inspection (DPI) technique, (c) toapply said Application Detection and Control (ADC) rules in order todetect an application running on said cellular subscriber device, (d) togenerate detection output which includes at least one of: a type of anapplication associated with said cellular traffic of said cellularsubscriber device, and a type of said cellular traffic of said cellularsubscriber device; and (e) to generate application-based detectionoutput that enables at least one of the OCS and the OFCS to apply, onper-application basis, different charging rate to different applicationsbeing used over a cellular network in which said cellular subscriberdevice operates.

In some embodiments, the same cellular communication session is subjectto both (i) SDF-based charging based on output from the PCEF module, and(b) application-based charging based on output from the TDF module;wherein at least one of said OCS and OFCS, is to performapplication-based differential charging towards said cellular subscriberdevice based on application-based detection output that was generated bythe TDF module by using said DPI technique and by applying said ADCrules; wherein at least one of said OCS and OFCS is to performsubscriber account correlation which takes into account, for a samecellular communication session of a same subscriber account, both (i)SDF-based charging based on output from the PCEF module, and (b)application-based charging based on output from the TDF module; whereinsaid PCRF module is to define for said cellular subscriber device anupdated charging rate based on detection, by the TDF module, that saidcellular subscriber device is utilizing a particular application.

In some embodiments, the system further comprises an online chargingserver (OCS) to receive the detection output from the TDF module and toperform online charging.

In some embodiments, the system further comprises an offline chargingserver (OFCS) to receive the detection output from the TDF module and toperform offline charging.

In some embodiments, the system further comprises a policy and chargingrules function (PCRF) module to create a set of application detectionand control (ADC) rules, and to provide the ADC rules to be enforced bythe TDF module based on said detection output.

In some embodiments, the ADC rules comprise one or more traffic routingrules, and/or one or more traffic steering rules, and/or one or moretraffic offloading rules, and/or one or more rules indicating that oneor more supplemental services are to be applied to said cellulartraffic, and/or one or more rules for generating usage monitoringreports.

In some embodiments, the one or more supplemental services comprise oneor more services selected from the group consisting of: parental controlservice, content filtering service, anti-virus services, anti-malwareservice, quality of service (QoS) enforcement service, and bandwidthlimiting service.

In some embodiments, the TDF module is in direct communication with atleast one of: an online charging server (OCS) of said system; an offlinecharging server (OFCS) of said system; a billing domain of said system.

In some embodiments, the TDF module comprises a payload data inspectorto generate the detection output by utilizing a payload data inspectiontechnique.

In some embodiments, the system further comprises: a first policy andcharging rules function (PCRF) module, located in a first cellularnetwork, to create a set of application detection and control (ADC)rules applicable to the first cellular network, and to transfer the ADCrules to a second PCRF module located in a second cellular network.

In some embodiments, the second PCRF module is to enforce, in the secondcellular network, the ADC rules received from the first PCRF module andgenerated in the first cellular network.

In some embodiments, the PCEF module is comprised in a cellular gateway.

In some embodiments, the TDF module is to perform traffic offloading toan offloading network based on said detection output.

In some embodiments, the TDF module is to steer traffic from a homepacket data network (PDN) to a local breakout.

In some embodiments, said detection output of said TDF module istransferred to said PCEF module indirectly via a policy and chargingrules function (PCRF) module.

In some embodiments, said detection output of said TDF module istransferred to said PCEF module by via packet marking.

In some embodiments, a method of cellular traffic monitoring maycomprise: at a policy and charging rules function (PCRF) module,creating a set of application detection and control (ADC) rules; at anSDF-based policy charging and enforcement function (PCEF) module,enforcing one or more charging rules to said cellular subscriber device,based on SDF data; at an online charging system (OCS) connected to saidSDF-based PCEF module, performing SDF-based online charging based ondata received from said SDF-based PCEF module; at an offline chargingsystem (OFCS) connected to said SDF-based PCEF module, performingSDF-based offline charging based on data received from said SDF-basedPCEF module; at a traffic detection function (TDF) module, performing:(a) monitoring cellular traffic associated with a cellular subscriberdevice, (b) performing payload data inspection by using a Deep PacketInspection (DPI) technique, (c) applying said Application Detection andControl (ADC) rules in order to detect an application running on saidcellular subscriber device, (d) generating detection output whichincludes at least one of: a type of an application associated with saidcellular traffic of said cellular subscriber device, and a type of saidcellular traffic of said cellular subscriber device; and (e) generatingapplication-based detection output that enables at least one of the OCSand the OFCS to apply, on per-application basis, different charging rateto different applications being used over a cellular network in whichsaid cellular subscriber device operates.

In some embodiments, the TDF module is implemented as a separate modulefrom said PCEF module; wherein the TDF module is connected directly tosaid OCS; wherein the TDF module is connected directly to said OFCS;wherein a billing domain is connected to said OCS and to said OFCS;wherein a same cellular communication session is subject to both (i)SDF-based charging based on output from the PCEF module, and (b)application-based charging based on output from the TDF module; whereinthe method further comprises: performing, by at least one of said OCSand OFCS, application-based differential charging towards said cellularsubscriber device based on application-based detection output that wasgenerated by the TDF module by using said DPI technique and by applyingsaid ADC rules; performing, by at least one of said OCS and OFCS,subscriber account correlation which takes into account, for a samecellular communication session of a same subscriber account, both (i)SDF-based charging based on output from the PCEF module, and (b)application-based charging based on output from the TDF module; whereinsaid PCRF module is to define an updated charging rate for said cellularsubscriber device based on detection, by the TDF module, that saidcellular subscriber device is utilizing a particular application.

Functions, operations, components and/or features described herein withreference to one or more embodiments, may be combined with, or may beutilized in combination with, one or more other functions, operations,components and/or features described herein with reference to one ormore other embodiments, or vice versa.

While certain features of some embodiments of the present invention havebeen illustrated and described herein, many modifications,substitutions, changes, and equivalents may occur to those skilled inthe art. Accordingly, the claims are intended to cover all suchmodifications, substitutions, changes, and equivalents.

What is claimed is:
 1. A cellular traffic monitoring system comprising:a policy and charging rules function (PCRF) module to create a set ofapplication detection and control (ADC) rules; a Service Data Flow (SDF)based policy charging and enforcement function (PCEF) module to enforceone or more charging rules to a cellular subscriber device, based on SDFdata; wherein the SDF-based PCEF module is associated with an onlinecharging system (OCS) that is able to perform SDF-based online chargingbased on data received from said SDF-based PCEF module; wherein theSDF-based PCEF module is associated with an offline charging system(OFCS) that is able to perform SDF-based offline charging based on datareceived from said SDF-based PCEF module; a traffic detection function(TDF) module, implemented as a separate module from said SDF-based PCEFmodule; wherein the TDF module is connected directly to said OCS;wherein the TDF module is connected directly to said OFCS; wherein theTDF module is (a) to monitor cellular traffic associated with saidcellular subscriber device, (b) to perform payload data inspection byusing a Deep Packet Inspection (DPI) technique, (c) to apply saidApplication Detection and Control (ADC) rules in order to detect anapplication running on said cellular subscriber device, (d) to generatedetection output which includes at least one of: a type of anapplication associated with said cellular traffic of said cellularsubscriber device, and a type of said cellular traffic of said cellularsubscriber device; and (e) to generate application-based detectionoutput that enables at least one of the OCS and the OFCS to apply, onper-application basis, different charging rates to differentapplications being used over a cellular network in which said cellularsubscriber device operates; wherein a same cellular communicationsession is subject to both (i) SDF-based charging based on output fromthe PCEF module, and (ii) application-based charging based on outputfrom the TDF module; wherein at least one of said OCS and OFCS, is toperform application-based differential charging towards said cellularsubscriber device based on application-based detection output that wasgenerated by the TDF module by using said DPI technique and by applyingsaid ADC rules, wherein at least one of: said PCRF module, saidSDF-based PCEF module, and said TDF module, is implemented by utilizingat least a hardware component.
 2. The cellular traffic monitoring systemof claim 1, further comprising an online charging server to receive thedetection output from the TDF module and to perform online charging. 3.The cellular traffic monitoring system of claim 1, further comprising anoffline charging server to receive the detection output from the TDFmodule and to perform offline charging.
 4. The cellular trafficmonitoring system of claim 1, wherein the PCRF module is to provide theADC rules to be enforced by the TDF module based on said detectionoutput.
 5. The cellular traffic monitoring system of claim 1, whereinthe ADC rules comprise one or more traffic routing rules.
 6. Thecellular traffic monitoring system of claim 1, wherein the ADC rulescomprise one or more traffic steering rules.
 7. The cellular trafficmonitoring system of claim 1, wherein the ADC rules comprise one or moretraffic offloading rules.
 8. The cellular traffic monitoring system ofclaim 1, wherein the ADC rules comprise one or more rules indicatingthat one or more supplemental services are to be applied to saidcellular traffic.
 9. The cellular traffic monitoring system of claim 8,wherein the one or more supplemental services comprise one or moreservices selected from the group consisting of: parental controlservice, content filtering service, anti-virus services, anti-malwareservice, quality of service (QoS) enforcement service, and bandwidthlimiting service.
 10. The cellular traffic monitoring system of claim 1,wherein the ADC rules comprise one or more rules for generating usagemonitoring reports.
 11. The cellular traffic monitoring system of claim1, wherein the TDF module is in direct communication with at least oneof: an online charging server of said system; an offline charging serverof said system; a billing domain of said system.
 12. The cellulartraffic monitoring system of claim 1, wherein the TDF module comprises apayload data inspector to generate the detection output by utilizing apayload data inspection technique.
 13. The cellular traffic monitoringsystem of claim 1, comprising: a first policy and charging rulesfunction (PCRF) module, located in a first cellular network, to create aset of application detection and control (ADC) rules applicable to thefirst cellular network, and to transfer the ADC rules to a second PCRFmodule located in a second cellular network.
 14. The cellular trafficmonitoring system of claim 13, wherein the second PCRF module is toenforce, in the second cellular network, the ADC rules received from thefirst PCRF module and generated in the first cellular network.
 15. Thecellular traffic monitoring system of claim 1, wherein the PCEF moduleis comprised in a cellular gateway.
 16. The cellular traffic monitoringsystem of claim 1, wherein the TDF module is to perform trafficoffloading to an offloading network based on said detection output. 17.The cellular traffic monitoring system of claim 1, wherein the TDFmodule is to steer traffic from a home packet data network (PDN) to alocal breakout.
 18. The cellular traffic monitoring system of claim 1,wherein said detection output of said TDF module is transferred to saidPCEF module indirectly via a policy and charging rules function (PCRF)module.
 19. The cellular traffic monitoring system of claim 1, whereinsaid detection output of said TDF module is transferred to said PCEFmodule by via packet marking.
 20. A method of cellular trafficmonitoring, the method comprising: at a Service Data Flow (SDF) basedpolicy charging and enforcement function (PCEF) module, enforcing one ormore charging rules to a cellular subscriber device, based on SDF data;at an online charging system (OCS) connected to said SDF-based PCEFmodule, performing SDF-based online charging based on data received fromsaid SDF-based PCEF module; at an offline charging system (OFCS)connected to said SDF-based PCEF module, performing SDF-based offlinecharging based on data received from said SDF-based PCEF module; at atraffic detection function (TDF) module, performing: (a) monitoringcellular traffic associated with a cellular subscriber device, (b)performing payload data inspection by using a Deep Packet Inspection(DPI) technique, (c) applying said Application Detection and Control(ADC) rules in order to detect an application running on said cellularsubscriber device, (d) generating detection output which includes atleast one of: a type of an application associated with said cellulartraffic of said cellular subscriber device, and a type of said cellulartraffic of said cellular subscriber device; and (e) generatingapplication-based detection output that enables at least one of the OCSand the OFCS to apply, on per-application basis, different charging rateto different applications being used over a cellular network in whichsaid cellular subscriber device operates; wherein the TDF module isimplemented as a separate module from said PCEF module; wherein the TDFmodule is connected directly to said OCS; wherein the TDF module isconnected directly to said OFCS; wherein a same cellular communicationsession is subject to both (i) SDF-based charging based on output fromthe PCEF module, and (ii) application-based charging based on outputfrom the TDF module; performing, by at least one of said OCS and OFCS,application-based differential charging towards said cellular subscriberdevice based on application-based detection output that was generated bythe TDF module by using said DPI technique and by applying said ADCrules.